GHOSTCRAWL
Sign in Start crawling →
Sign in Start crawling →

Trust & Compliance

GhostCrawl's compliance posture, data commitments, and legal resources. Last updated: 16 June 2026.

What GhostCrawl does

GhostCrawl provides reliable, high-fidelity browser automation for teams that collect publicly available web data at scale. We run full production browser engines (Chrome, Firefox, and WebKit) so pages render, hydrate, and settle exactly as they would for a real browser — delivering structured, faithful output to your systems.

We are infrastructure, not a data controller

GhostCrawl is infrastructure. You remain the data controller. We process data on your behalf as a data processor under GDPR Article 28. The data your jobs collect flows to your systems — GhostCrawl does not retain end-site content.

A Data Processing Agreement (DPA) is available to all paid customers. See our legal hub below for the full DPA and sub-processors list.

Responsible crawling by default

GhostCrawl respects robots.txt crawl directives by default. When a target site's robots.txt restricts automated access, GhostCrawl honors those restrictions unless you have explicit authorization from the target site operator to do otherwise. Configuring the service to ignore crawl exclusion directives without such authorization is prohibited under our Acceptable Use Policy.

GhostCrawl does not send requests at rates designed to harm target site performance. The service includes built-in rate controls and a per-domain request governor that limits traffic to safe, respectful levels.

Data residency

Customer session metadata is stored in EU-based infrastructure in Helsinki, Finland (EU). No end-site data is retained by GhostCrawl. Billing data is processed by our payment processor under their own compliance and data-processing framework.

What GhostCrawl is not designed for

GhostCrawl is built to collect publicly available web data. The following activities are outside the intended scope of the service and are prohibited under our Acceptable Use Policy:

  • Accessing data behind a login, paywall, or other authentication barrier
  • Creating or operating accounts on third-party platforms
  • Tracking, monitoring, or profiling individuals for surveillance purposes
  • Generating artificial engagement, clicks, views, or votes on any platform
  • Collecting personal data in ways that violate GDPR, CCPA, or applicable privacy law

Public-data legal framework

GhostCrawl operates within the public-data legal framework established by hiQ Labs v. LinkedIn (Ninth Circuit, 2022) and Meta Platforms v. Bright Data (N.D. Cal., 2024), which affirm that automated collection of publicly available web data does not constitute unauthorized access under U.S. law. Legality ultimately depends on how you use the service and the specific laws of your jurisdiction.

Reporting misuse

If you believe GhostCrawl is being used in violation of our Acceptable Use Policy, please report it via our contact form — it routes straight to our trust & safety team.

Legal documents

All GhostCrawl legal documents are available at docs.ghostcrawl.io/legal/: